Criminals Remote-Wiping Cell Phones
An anonymous reader writes "Crafty criminals are increasingly using the remote wipe feature on the Apple iPhone and other business handsets, such as RIM's BlackBerry, to destroy incriminating evidence, the head of the UK's Serious Fraud Office Keith Foggon has warned. Foggon told silicon.com that the move away from PCs towards using mobile phones was causing a headache for crime fighters who were struggling to keep up with the fast pace of new handsets and platforms churned out by the mobile industry."
Good. (Score:3, Insightful)
Re:Woah (Score:2, Insightful)
On a hard disk you would be correct; try it with anything else and you get bupkis back.
Well... (Score:5, Insightful)
If the only evidence the police have on said 'criminal' is a string of bits on his cell phone, they probably didn't have much of a case anyway, and likely shouldn't be arresting this criminal.
I genuinely hope small time 'criminals' continue getting these sorts of victories to the point that our police forces are forced to admit they have failed in the war on consensual acts between adults. The change certainly isn't going to come about while our various wars continue to make a tidy profit for those at the top.
Re:Woah (Score:5, Insightful)
Remember, this is flash, not magnetic bits stored on a spinning metal platter where header drift and other things would theoretically allow you to retrieve data that has long been removed.
Recovering from (intentionally overwritten flash) may be considerably harder than a traditional drive. Most flash recovery apps for cameras, etc. are really just reading the stray bits, as the formatting, etc. does not actually wipe each sector (because flash is rated in number of write operations the individual bits can support before going bad, so you want to minimize that).
Overwriting a flash storage partition on an iPhone or other device also makes this harder because you can't easily pop those things open and mount the custom flash chip into some universal adapter and read its filesystem like you can do with any old hard drive (they even make forensic, read-only hard drive enclosures).
So I zero out the data on my iPhone, and well, there aren't any jailbroken or App Store apps that you can run on the damn thing to do a low-level recovery anyway, and I don't know of any target disk raw access mode to the device when attached to a computer that is available outside of Apple's developer labs.
Re:First POST (Score:5, Insightful)
I'm glad these articles focus on the negative facts that police have trouble with, and not the USEFUL part of remote data wipe so that millions of customers' data can be deleted when a device is lost, instead of having that information in the hands of people that could do some damage. I'll take a wipe of evidence for that security any day.
Encryption (Score:3, Insightful)
Here's an interesting bit too. Looks like they try simple password protection breaking, but...
The team does not attempt to crack high-grade encryption, relying instead on the threat of a prison sentence for individuals refusing to hand over passwords or decrypted files.
Re:First POST (Score:5, Insightful)
Not to mention right near the top of the ARTICLE ITSELF:
"Because we isolate the devices immediately, and never reconnect them to their network, the remote wiping capability does not present us with much of a problem," he noted.
Um, so the problem is? Talk about sensationalism.
Re:Woah (Score:3, Insightful)
When I took my computer forensics class they showed that you could use a hex editor on a zero wiped floppy disk and recover most of the data that was on it previously.
Do you know how this is done? Because if one just uses a hex editor, wouldn't the hex editor simply see a disk full of nulls?
Re:Woah (Score:3, Insightful)
Yeah, that sounds like BS to me, I'd like to hear an explanation too. The magnetic explanations people have posted above are far more consistent with what I've heard about data recovery from wiped disks, which all involved hardware -- I've never heard of recovery through software alone, and it doesn't seem plausible. A hex editor would obviously be able to "undelete" data that had been "deleted" in the normal way, but I can't see how it would get to data that had been nulled.
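The distinction drawn in the comments above (a normal delete or quick format leaves the data sectors in place, while a zero wipe leaves only nulls for software to read), as an added example that is not part of the original thread. The disk layout, file names and contents are constructed for illustration; the model covers only what software reading the device sees, not magnetic remanence or flash wear-levelling.

```python
SECTOR = 512
ENTRY = 32          # constructed layout: name[11] + start sector (2) + length (4)
DELETED = 0xE5      # FAT-style marker written over the first name byte on delete

def build_image(files):
    """Sector 0 is the directory; file data follows in whole sectors."""
    directory, data = bytearray(SECTOR), bytearray()
    for i, (name, content) in enumerate(files):
        start = 1 + len(data) // SECTOR
        entry = (name.encode().ljust(11) + start.to_bytes(2, "little")
                 + len(content).to_bytes(4, "little"))
        directory[i * ENTRY:i * ENTRY + len(entry)] = entry
        data += content + bytes(-len(content) % SECTOR)
    return directory + data

def _entry(image, index):
    raw = image[index * ENTRY:(index + 1) * ENTRY]
    start = int.from_bytes(raw[11:13], "little") * SECTOR
    return raw, start, int.from_bytes(raw[13:17], "little")

def list_files(image):
    """What the filesystem shows: entries neither empty nor marked deleted."""
    names = []
    for i in range(SECTOR // ENTRY):
        raw, _, _ = _entry(image, i)
        if raw[0] not in (0x00, DELETED):
            names.append(raw[:11].decode().rstrip())
    return names

def delete(image, index):
    """Normal delete: flag the directory entry, leave the data sectors alone."""
    image[index * ENTRY] = DELETED

def zero_wipe(image, index):
    """Overwrite the file's data with nulls, then flag the entry."""
    _, start, length = _entry(image, index)
    image[start:start + length] = bytes(length)
    delete(image, index)

def read_raw(image, index):
    """What a hex editor sees at the entry's recorded location, deleted or not."""
    _, start, length = _entry(image, index)
    return bytes(image[start:start + length])

def demo():
    # Constructed sample contents, not real data.
    img = build_image([("NOTES.TXT", b"meeting at 9"),
                       ("LEDGER.CSV", b"acct,amount\n1,200\n")])
    delete(img, 0)
    zero_wipe(img, 1)
    return list_files(img), read_raw(img, 0), read_raw(img, 1)
```

Both files vanish from the listing, but only the zero-wiped one is gone from the raw bytes.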